summaryrefslogtreecommitdiff
path: root/proto/bgp/attrs.c
diff options
context:
space:
mode:
authorOndrej Zajicek <santiago@crfreenet.org>2011-09-03 21:59:40 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2011-09-03 21:59:40 +0200
commit6c4df70373fa640a7f068d4e1b563621b67c0d2b (patch)
treeb9d554323069dd1027cd2cd167d8c5918d16b634 /proto/bgp/attrs.c
parent2918e61046388821c3d4411c602dc5b28ad59329 (diff)
Fixes possible buffer overflow when printing BGP attributes.
Thanks to Alexander V. Chernikov for the patch.
Diffstat (limited to 'proto/bgp/attrs.c')
-rw-r--r--proto/bgp/attrs.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index 59d8a8c0..2832f428 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1576,16 +1576,18 @@ bgp_get_attr(eattr *a, byte *buf, int buflen)
{
unsigned int i = EA_ID(a->id);
struct attr_desc *d;
+ int len;
if (ATTR_KNOWN(i))
{
d = &bgp_attr_table[i];
- buf += bsprintf(buf, "%s", d->name);
+ len = bsprintf(buf, "%s", d->name);
+ buf += len;
if (d->format)
{
*buf++ = ':';
*buf++ = ' ';
- d->format(a, buf, buflen);
+ d->format(a, buf, buflen - len - 2);
return GA_FULL;
}
return GA_NAME;